CVE-2018-1270

critical-risk

Published 2018-04-06

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Do I need to act?

90.0% chance of exploitation in next 30 days

EPSS score — higher than 10% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 8da0e46ff253bab5783713078eae8898708996ba, 4b9bc50fd057bb20278dc137820159f600cce324, 3767abea3a9ec4b76257c1f98d65bd9da57afd28

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Spring Framework

Application Testing Suite

Big Data Discovery

Communications Converged Application Server

Communications Diameter Signaling Router

Communications Performance Intelligence Center

Communications Services Gatekeeper

Enterprise Manager Ops Center

Goldengate For Big Data

Health Sciences Information Manager

Healthcare Master Person Index

Insurance Calculation Engine

Affected Vendors

Debian Redhat Oracle Vmware

References (32)

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Third Party Advisory http://www.securityfocus.com/bid/103696

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2939

https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc1212465...

https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458...

https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b...

https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9...

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741...

Mailing List https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

Vendor Advisory https://pivotal.io/security/cve-2018-1270

Broken Link https://www.exploit-db.com/exploits/44796/

Patch https://www.oracle.com/security-alerts/cpujul2020.html

Patch https://www.oracle.com/security-alerts/cpuoct2021.html

Patch https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Third Party Advisory http://www.securityfocus.com/bid/103696

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2939

and 12 more references

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 20/34 · Moderate

Exposure 28/34 · Critical